
Re: [csmith-dev] arthur's bugs

On Fri, Apr 29, 2011 at 1:33 PM, John Regehr <regehr@cs.utah.edu> wrote:
>> By the way, I've been wondering about your original motivation for
>> printing only a final checksum,
> Basically two reasons.
> First, we wanted to give the compiler maximum freedom to mess with the
> program without being constrained by the optimization-squashing restrictions
> of an external function call.

Optimization-squashing, you say? :)  One man's squash is another man's enable.
Of course, in fairness, it wouldn't be very likely that a randomly
generated format string would happen to match one of the triggers
listed in that article; I don't really expect that GCC would do
anything weird with printf("%d %s %x",...).  But you never know.
Derek Jones was talking just last week on this list about a
hypothetical buggy compiler that would misoptimize printf("%d", (myint
= 42L)).

And, on the *other* other other hand, it's also possible for a
compiler to have a bug related to external function calls that doesn't
reproduce with intra-module calls.  For example, maybe the compiler
assumes that a particular register is callee-save, but in fact that
register is trashed by a sufficiently complicated function.  Or maybe
passing certain types through varargs is an issue.  There are plenty
of interesting bug opportunities with printf! :)